Attorney Docket No. 915-008.021 
Application Serial No. 10/804,855 



In the Claims : 

Please amend the claims as follows: 

1. (currently amended) A method of enhancing data securit y, wh i ch data is to be 
oxoout e d i n an o le ctron i c dovico (101) comprising a secure e x e cut i on e nv i ronm e nt 
(104) to which accoss i s rostr i ct e d, tho method comprising tho steps of : 

generating-(S30S) T in satea secure execution environmen t of an electronic device 
to which access is restricted , a new secret key repeatedly; 

verifying (S302) , in said secure execution environment, the integrity of data to be 
written into storaae-f44£ }. wherein said data is to be executed in the electronic device : 

encrypting-(S304), in said secure execution environment, the data by means of 
said new secret key; and 

writing (S305) the encrypted data into storage. 

2. (original) The method according to claim 1 , wherein a new secret key is 
generated when the device is booted. 

3. (original) The method according to claim 1, wherein a new secret key is 
generated repeatedly during runtime. 

4. (original) The method according to claim 1, wherein said data comprises 
program code. 

5. (currently amended) The method according to claim 1, wherein said storage 
(44£)-comprises temporary memory. 

6. (currently amended) The method according to claim 1 , further comprising-the 
st e p of : 
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reordering address locations of said storage (110) in address space at the time 
of boot, wherein the order of the address locations in address space is altered. 

7. (currently amended) The method according to claim 4, further comprising-the 
stop of : 

authenticating-(S4Q3), in said secure execution environment-fW4) f the program 
code to be written into storage (110) to ensure that the program code originates from a 
trusted program code provider. 

8. (currently amended) The method according to claim 1, wherein the stop of 
encrypting (S304) data further comprises the st e ps of : 

combining the address of the location in said storage (110) , to which location the 
encrypted data is to be written, with the new secret key; and 

using the combination of the address and the new secret key to encrypt said 
data, wherein the encrypted data becomes associated with said address. 

9. (currently amended) The method according to claim 1 , wherein the st e p of 
generating (S303) a new secret key comprises tho stop of g enerating a plurality of new 
secret keys, wherein each new secret key is used to encrypt a respective subset of the 
data. 

10. (currently amended) The method according to claim 1, further comprising-the 
stop of : 

calculating-(S§0§), in said secure execution environment-^^), integrity data for 
data to be stored in said storage (110) ; and 

storing (S506) the calculated integrity data. 

11. (original) The method according to claim 10, wherein said integrity data 
comprises a message authentication code. 
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12. (original) The method according to claim 1 1, wherein said message 
authentication code is calculated by using the generated new secret key. 

13. (original) The method according to claim 12, wherein different message 
authentication codes are calculated for different parts of the data by means of different 
new secret keys. 

14. (currently amended) The method according to claim 13, further comprising 
th e steps of : 

verifying-{S§02), in said secure execution environment-(4G4), correctness of the 
message authentication code that is associated with read data; and 

stopping (S603) d evice operation if said message authentication code is 
incorrect. 

15. (currently amended) The method according to claim 1, further comprising 
tho stops of : 

setting a processor (4G3)-arranged in the electronic device (101) in one of at 
least two different operating modes; and 

storing protected data relating to device security in at least one storage area of a 
storage circuitry (105, 106, 107) ; wherein 

the processor is given access to said storage area, in which said protected data 
are located, when a secure processor operating mode is set, and 

the processor is denied access to said storage area when a normal processor 
operating mode is set. 

16. (original) The method according to claim 15, wherein the setting of processor 
modes is performed by protected applications. 
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17. (currently amended) A system for enhancing data security , which data is to 
bo oxocutod in an e le ctronic d e v i c e (101) comprising a socuro e x e cution env i ronment 
(10 4 ) to wh i ch acc e ss is r e strict e d, which syst e m compris e s comprising : 

moans (103) a processor: 

arranged to generate 7 in saida secure execution environment of an electronic 
device to which access is restricted , a new secret key in said secure execution 
environment repeatedly; 

moans (103) arranged to verify, in said secure execution environment, the 
integrity of data to be written into storage444Q }, wherein said data is to be executed in 
the electronic device : 

means (103) arranged to encrypt, in said secure execution environment, the data 
by means of said new secret key; and 

m e ans (103) arranged to write the encrypted program code into storage. 

18. (original) The system according to claim 17, wherein the system is arranged 
such that a new secret key is generated when the device is booted. 

19. (original) The system according to claim 17, wherein the system is arranged 
such that a new secret key is generated repeatedly during runtime. 

20. (original) The system according to claim 17, wherein said data comprises 
program code. 

21. (currently amended) The system according to claim 17, wherein said storage 
(110) comprises temporary memory. 
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22. (currently amended) The system according to claim 17, furth e r compr i sing: 
moans (103) wherein said processor is arranged to reorder address locations of 

said storage (110) in address space at the time of boot, wherein the order of the 
address locations in address space is altered. 

23. (currently amended) The system according to claim 20, furth e r compr i s i ng: 
moans (103) w herein said processor is arranged to authenticate, in said secure 

execution environment-fl-04), the program code to be written into storage (110) to 
ensure that the program code originates from a trusted program code provider. 

24. (currently amended) The system according to claim 17, wherein th e means 
(103) arranged said processor arrangement to oncryptinq encrypt data further is 
arranged to combine the address of the location in said storage (110) , to which location 
the encrypted data is to be written, with the new secret key, and to use the combination 
of the address and the new secret key to encrypt said data, wherein the encrypted data 
becomes associated with said address. 

25. (currently amended) The system according to claim 17, furth e r compr i s i ng: 



arranged to calculate, in said secure execution environment-(4S4), integrity data 
for data to be stored in said storage (110) ; and 

moans (110, 112) memory arranged to store the calculated integrity data. 

26. (original) The system according to claim 25, wherein said integrity data 
comprises a message authentication code. 

27. (currently amended) The system according to claim 26, wherein said 
processor arrangement to calculate th o ca l culat i ng moans (103) is arranged such that it 
uses the new secret key generated to calculate the message authentication code. 
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28. (currently amended) The system according to claim 27, further 
comprisinq: w herein said processor is 

m e ans (103) arranged to verify, in said secure execution environment-(4©4), 
correctness of the message authentication code that is associated with read data and 
to stop device operation if said message authentication code is incorrect. 

29. (currently amended) The system according to claim 17, further 
compris i nq: wherein said processor is 

a proc e ssor (103) arranged such that it may be set in one of at least two different 
operating modes; and wherein said system further comprises 

storage circuitry (105, 106, 107) arranged with at least one storage area in which 
protected data relating to device security are located; wherein the system is further 
arranged such that: 

the processor is given access to said storage area, in which said protected data 
are located, when a secure processor operating mode is set, and 

the processor is denied access to said storage area when a normal processor 
operating mode is set. 

30. (currently amended) The system according to claim 29, wherein the setting 
of processor (103) modes is performed by protected applications. 

31. (currently amended) A mobile telecommunication terminal (100, 200) 
comprising the system according to claim 17. 

32. (currently amended) A programmable logic device (101, 201) comprising the 
system according to claim 17. 
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33. (currently amended) The programmable logic device (101, 201) according to 
claim 32, wherein said programmable logic device is implemented in the form of an 
application specific integrated circuit. 

34. (currently amended) A computer program product comprising computer- 
executable components stored in a memory f or causing a device (101) to perform the 
steps -actions recited in claim 1 when the computer-executable components are run on 
a processing unit (103, 203) included in the device. 

35. (currently amended) A computer-readable medium storing computer- 
executable components for causing a device (101) to perform the step sactions recited 
in claim 1 when the computer-executable components are run on a processing unit 
(103, 203) included in the device. 

36. (new) A system for enhancing data security comprising: 

means for generating, in a secure execution environment of an electronic device 
to which access is restricted, a new secret key in said secure execution environment 
repeatedly; 

means for verifying, in said secure execution environment, the integrity of data to 
be written into storage which data is to be executed in the electronic device; 

means for encrypting, in said secure execution environment, the data by means 
of said new secret key; and 

means for writing the encrypted program code into storage. 
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